Red Hat OpenShift Service on AWS with Hosted Control Planes
Red Hat OpenShift Service on AWS (ROSA) is a fully-managed turnkey application platform that allows you to focus on what matters most, delivering value to your customers by building and deploying applications. Red Hat and AWS site reliability engineering (SRE) experts manage the underlying platform so you don’t have to worry about the complexity of infrastructure management. ROSA with Hosted Control Planes (HCP) offers a more efficient control plane architecture that helps reduce the AWS infrastructure fees incurred when running ROSA and allows for faster cluster creation times.
Configure Node Pool Scale-to-Zero on ROSA HCP
ROSA HCP supports setting min_replicas=0 on node pools with autoscaling enabled. This allows the cluster autoscaler to scale worker nodes down to zero when no workloads require them, and scale back up automatically when pods are scheduled. This is useful for cost optimization on…
Configuring OpenShift Logging 6 on ROSA HCP
This guide has been validated on OpenShift 4.20. Operator CRD names, API versions, and console paths may differ on other versions. ROSA HCP clusters now only support openshift Logging 6.x and above. This guide aims to provide a step-by-step guide for implementing logging 6.x on…
Using AWS Secrets Manager with External Secrets Operator on ROSA HCP
This guide has been validated on OpenShift 4.20. Operator CRD names, API versions, and console paths may differ on other versions. Bridging the Security Gap with External Secrets Operator In the modern cloud-native landscape, managing sensitive credentials across distributed…
Automating ECR Pull Secrets on ROSA Using the External Secrets Operator and STS
This guide has been validated on OpenShift 4.20. Operator CRD names, API versions, and console paths may differ on other versions. Amazon Elastic Container Registry (ECR) issues short-lived authorization tokens that expire after 12 hours. On Red Hat OpenShift Service on AWS…
Ingress to ROSA Virt VMs with Certificate-Based Site-to-Site (S2S) IPsec VPN and Libreswan
Introduction This solution uses a Site-to-Site (S2S) VPNexternal link (opens in new tab) as a mechanism in OpenShift Virtualization on ROSA to establish an IP route between the virtual overlay network that VMs are attached to, and the VPC outside your clusterexternal link (opens…
Deploy ROSA + Nvidia GPU + RHOAI with Automation
Getting Red Hat OpenShift AI up and running with NVIDIA GPUs on a Red Hat OpenShift Service on AWS (ROSA) cluster can involve a series of detailed steps, from installing various operators to managing dependencies. While manageable, this process can be time-consuming when…
Using a Private IngressController with CloudFront on a ROSA Cluster
AWS CloudFront is a great choice for a Content Delivery Network in front of your ROSA cluster. In many situations, it may be useful to ensure that traffic to Routes within your cluster must come from your CloudFront Distribution rather than being able to bypass it (for example,…
Accessing the ROSA HCP API Server from a Different AWS Account
Introduction You can create a ROSA HCP cluster in one AWS account and configure it to allow access from a different AWS account using the oc command. This guide walks you through the actual AWS setup. Note: AWS environments vary, so consider this as one possible setup.…
Deploy ROSA with Red Hat Advanced Cluster Management for Kubernetes
This guide has been validated on OpenShift 4.20. Operator CRD names, API versions, and console paths may differ on other versions. In the dynamic world of cloud-native development, efficiently managing Kubernetes clusters across diverse environments is paramount. This blog post…
Integrating Service Mesh into a ROSA Cluster
This is a simple guide to integrate Red Hat OpenShift Service Mesh into your ROSA cluster. In this scenario, we will install Service Mesh using a custom domain (optional) and expose an app to test it. The first half of the guide will be integrating Service Mesh 2.x and second…
Adding a Private Ingress Controller and a Public ALB to a ROSA Cluster
Starting with OpenShift 4.14, Red Hat OpenShift Service on AWS (ROSA) supports adding additional Ingress Controllers which can be used to configure a custom domain on a ROSA cluster. This guide shows how to leverage this feature to create a complete routing solution with both a…
Optimizing Costs with ROSA - Scheduled Cluster Scaling
One of the key benefits of Red Hat OpenShift Service on AWS (ROSA) is its ability to scale efficiently, ensuring you only pay for the resources you actually need. While ROSA includes autoscaling features that adjust cluster size based on demand, you can further optimize costs by…
Configuring Microsoft Entra ID as an external authentication provider
You can set up Red Hat OpenShift Service on AWS (ROSA) with hosted control planes (HCP) to use an external OpenID Connect (OIDC) identity provider for authentication instead of the built-in OpenShift OAuth server. While the built-in OAuth server supports various identity…
Securely exposing an application on a private ROSA cluser with an AWS Network Load Balancer
Overview Red Hat strongly recommends creating a private ROSA cluster with no inbound Internet connectivity, isolating both the cluster API and hosted applications from external access. This configuration is a key part of a multi-layered security strategy to protect clusters and…
Securely exposing an application on a private ROSA cluser with an AWS Network Load Balancer
Continuation of Securely exposing an application on a private ROSA cluser with an AWS Network Load Balancer These instructions go through setting up an additional VPC as part of the overall blog. If you already have a VPC that you would like to use, you can skip these…
Securely exposing an application on a private ROSA cluser with an AWS Network Load Balancer - Jump Host
Continuation of Securely exposing an application on a private ROSA cluser with an AWS Network Load Balancer These instructions go through setting up a jump host to connect to the private rosa cluster. Note: the guide assumes you have set envirionment variables as described in the…
Creating Images using Stable Diffusion on Red Hat OpenShift AI on ROSA cluster with GPU enabled
1. Introduction Stable Diffusionexternal link (opens in new tab) is an AI model to generate images from text description. It uses a diffusion process to iteratively denoise random Gaussian noise into coherent images. This is a simple tutorial to create images using Stable…
Deploying a ROSA HCP cluster with Terraform
This guide will walk you through deploying a ROSA HCP cluster using Terraform. This is a great way to get started with ROSA and to automate the deployment of your clusters. Pre-requisites You need the git binary installed on your machine. You can download it from the git…
Install Portworx on Red Hat OpenShift Service on AWS (ROSA) with hosted control planes (HCP)
Portworx storage is a built-for-Kubernetes service that offers flexible and scalable persistent storage for applications in production. In this tutorial we will look at installing Portworx Enterprise on ROSA-HCP. Prerequisites You must have a Red Hat OpenShift Service on AWS…
Add an Ingress Controller to a ROSA Cluster and optionally with a custom domain.
Starting with OpenShift 4.14, ROSA supports adding additional Ingress Controllers which can use used to configure a custom domain on a ROSA cluster without having to use the now deprecated Custom Domain Operator. This guide shows how to add an additional Ingress Controller (…
